Serial No.: 10/785,584 
IN THE CLAIMS : 

Please amend the claims as follows: 

1. (Canceled) A method for monitor i ng uoor l ogin activ i ty for a oerver 
appl i cation, tho method comprising: 

(a) r o coiving commun i cat i on data botwoon a server appl i cation and a cliont; 

^b) monitoring uoor login failuroo betwoon tho sorvor app li cation and th e 

c l iont during an establiohod Doos i on; and 
^ dotocting whon the number of user login fai l ures oxcoods a 

prodoterm i nod number. 

2. (Canceled) Tho m e thod of claim 1 , whor oi n tho commun i cation data is 
oommun i catod ovor a notwork selootod from tho group consisting of a globa l 
commun i cat i on notworl<, a wido area network, a l oca l aroa network, and a wirel e ss 
n e twork. 

3. (Canceled) Tho m e thod of claim 1, whoroin the communicat i on data 
compris e s an application protoco l s o locted from tho group consisting of hyp e rtext 
transf e r protocols, s i mple obj e ct acc e ss protocols, w e b distributed authoring and 
voroioning protoco l o, s i mple mai l transfer protoco l c. w i ro l ecc app l icat i on protoco l s, file 
transfer protocols, I ntornet message access protocols, post off i ce protoco l s, web 
services protoco l s, simp l e ma il transfer protocols, structurod hypertext transfer 
protocols, and w e b ' ma il protoco l s. 

4. (Canceled) Tho method of claim 1 , where i n the communication data can 
comprise HTTP roquooto from the c li ent and HTTP rooponsoc from the serv e r 
app l ication. 

5. (Canceled) Tho method of c l aim 1. whoroin the sen/ e r app li cat i on i s 
i mpl e m e nted by a web s e rv e r. 
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6. (Canceled) Tho mothod of c l aim 1, whoroin tho o l iont i s i mp l emented by 
a web onab l od dovico i nc l ud i ng a un i que I ntomot protoco l ( I P) address. 

7. (Canceled) Tho mothod of c l aim 1. wherein tho communicat i on data 
compr i s e s only transmission contro l protoco l packets. 

8. (Canceled) Tho mothod of c l a i m 1 , whoroin tho servor app l ication 
compris e s a plurality of serv e r app li cations. 

9. (Canceled) Tho mothod of c l a i m 1 , whoro i n tho mon i tored us e r login 
failur e s are assoc i ated with a s i ng le us e r account. 

10. (Canceled) Tho method of c l aim 1, whoroin tho monitored usor l ogin 
fai l ures are associated w i th a s i ngle Intornot protocol ( I P) address. 

11. (Canceled) A system for monitoring usor l ogin act i vity for a server 
application, tho syst e m compr i s i ng: 

(a) a network i nterface operable to rece i v e communicat i on data between a 

oorv o r applicat i on and a client; and 

(b) a dotoctor oporablo to mon i tor user log i n failur e s b e tw ee n th o server 

app li cat i on and tho c l ient dur i ng an established soGs i on, and operab l e to 
detect when the number of user l ogin fai l ures e xceeds a predetermined 
numb e r. 

12. (Canceled) Tho system of c l aim 1 1 , wh e rein the commun i cat i on data is 
Gommunicatod over a n e twork se l ect e d from tho group consiot i ng of a g l obal 
communication network, a wide area n e twork, a l oca l area network, and a w i re l e s s 
network. 
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13. (Canceled) Tho oyotom of cla i m 11, wh e r e in tho commun i cat i on data 
comprisos an app li cation protoco l soloctod from th e group consist i ng of hypert e xt 
transfer protocols, s i mple object access protocols, wob distribut e d author i ng and 
vorsioning protocols, oimplo ma il transfer protoco l s, wiro l oss appl i cation protocols, file 
transfer protoco l s, I ntornot message access protoco l s, post offic e protoco l o, w e b 
oorvicos protoco l s, s i mp l e mal l transfer protocols, structur e d hyportoxt transfer 
protocols, and wob mai l protocols. 

14. (Canceled) Th o syst e m of c l aim 1 1 , wh e r e in tho commun i cat i on data can 
compriso HTTP roquootc from tho cliont and HTTP respons e s from tho s e rver 
app li cation. 

15. (Canceled) Tho oyotom of cla i m 11, wherein tho oorver appl i cation is 
i mpl e m e nted by a wob serv e r. 

16. (Canceled) Th o system of cla i m 1 1 , where i n tho cliont is imp l omont e d by 
a wob enabled dovico including a un i qu e I nt o rnot protocol (IP) addr e ss. 

17. (Canceled) Th o system of c l aim 11, wherein tho commun i cat i on data 
compris e s on l y transm i ssion control protocol pack e ts. 

18. (Canceled) Tho syst e m of c l a i m 1 1 , where i n tho server appl i cat i on 
compr i s e s a p l ura li ty of serv e r applicat i ons. 

19. (Canceled) Tho system of c l a i m 11, whorein the monitored us e r l ogin 
fa il ur e s are associat e d w i th a s i ngl e us e r account. 
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20. (Canceled) A — comput e r — program — product — compris i ng — computer 
oxocutab l o inGtruotiono embod i ed in a computer roadablo medium for performing 
st e ps compris i ng: 

(a) rece i ving communication data betw e en a serv e r applicat i on and a cli e nt; 

{b) monitor i ng uoor log i n failures betwe e n the serv e r applicat i on and the 

client during an establ i sh e d sess i on; and 
(c) detect i ng when th e number of user l ogin fai l ures exceeds a 

predet e rmined numb e r 

21. (Canceled) The computer program product of cla i m 20, whoroin tho 
communicat i on data is commun i cated over a network se l ected from th e group 
consisting of a global communication network, a wide ar e a network, a local ar e a 
n e twork, and a wireless n e twork, 

22. (Canceled) Tho computer program product of c l a i m 20, wher e in th e 
commun i cation data compris e s an appl i cation protoco l select e d from th e group 
consisting of hyp e rtext transfer protocols, simple obj e ct access protoco l s, w e b 
d i stribut e d authoring and vorsion i ng protoco l s, simple mai l transfer protocols, wire l ess 
appl i cat i on protocols, file transfer protocols, Int e rnet message access protocols, post 
offic e protocols, w e b serv i c e s protocols, simp le mai l transfer protocols, structured 
hyp e rtext transfer protocols, and web mail protoco l s. 

23. (Canceled) The computer program product of claim 20, wher e in the 
commun i cation data can comprise HTTP r e qu e sts from th e c l i e nt and HTTP 
responses from the server applicat i on. 

24. (Canceled) Th e comput e r program product of claim 20, wh e r e in th e 
serv e r applicat i on is implem e nted by a w e b s e rv e r. 
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25. (Canceled) Tho oomputor program product of c l aim 20, whoroin tho c l ient 
i o implom o ntod by a web onab l od dovico includ i ng a un i quo I ntornot protocol (IP) 
addr e ss. 

26. (Canceled) Tho computer program product of c l a i m 20, whoroin the 
communicat i on data compr i sos on l y tranomission control protoco l packets. 

27. (Canceled) Tho computer program product of claim 20, whoroin the 
Gorvor application compriooo a plura li ty of oorvor applications. 

28. (Canceled) Tho computer program product of claim 20, whoroin the 
mon i tored uoor l ogin failuroo aro ascociatod with a o i nglo uoor account. 

29. (Canceled) Tho computer program product of c l aim 20, wherein the 
mon i tored uoor login failuroo aro ascociatod with a s i nglo Intornot protocol (IP) 
address. 

30. (Currently Amended) A method for monitoring user login activity for a 
server application, the method comprising: 

(a) rocoiving capturing communication data communica ted in a network 
connecting betw ee n a sen/er application and a client; 

(b) monitoring user login failures between the server application and the 
client during a predetennined time and based on the captured 
communication data ; and 

(c) detecting whether the number of user login failures exceeds a 
predetermined number. 

31. (Original) The method of claim 30, wherein the communication data is 
communicated over a network selected from the group consisting of a global 
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communication network, a wide area network, a local area network, and a wireless 
network. 

32. (Currently Amended) The method of claim 30, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, oimp l o ma il trancfor protoco l s, wireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web sen/ices protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

33. (Original) The method of claim 30, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the server 
application. 

34. (Canceled) Tho method of c l aim 30, whorein tho oorvor application is 
i mp l om e ntod by a wob serv e r. 

35. (Canceled) Tho method of cla i m 30, whoroin tho cliont is implomonted by 
a wob onablod dov i co inc l uding a unique Intornot protoco l (IP) address. 

36. (Canceled) Tho method of cla i m 30, whore i n tho commun i cation data 
compr i s e s on l y transmiss i on control protoco l pack e ts. 

37. (Currently Amended) A system for monitoring user login activity for a 
server application, the method comprising: 

(a) a network interface operable to rece i v e capture communication data 
communicated in a network connecting b e tw ee n a server application and 
a client; 
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(b) a detector operable to monitor user login failures between the server 
application and the client during a predetermined time and based on the 
captured communicated data , and operable to detect when the number 
of user login failures exceeds a predetermined number. 

38. (Original) The system of claim 37, wherein the communication data is 
communicated over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a wireless 
network. 

39. (Currently Amended) The system of claim 37, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, o i mpio ma i l tronofor protoco l s, wireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

40. (Original) The system of claim 37, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the sen/er 
application. 

41. (Canceled) The system of claim 37, wh e r e in tho sorvor applicat i on i s 
i mp l om e ntod by a web serv e r. 

42. (Canceled) Tho system of c l aim 37, whoroin tho cl i ont i s i mp l ement e d by 
a w e b e nab le d dev i co i nclud i ng a un i que Int e rn e t protoco l (IP) addr e ss. 

43. (Canceled) Tho syst e m of c l a i m 37, whor e in tho communication data 
oompriseo on l y tranom i coion contro l protocol pack e ts. 
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44. (Currently Amended) A computer program product comprising computer- 
executable instructions embodied in a computer-readable medium for perfonning 
steps comprising: 

(a) roGoiving capturing communication data communica ted in a network 
connecting between a server application and a client; 

(b) monitoring user login failures between the server application and the 
client during a predetemiined time and based on the captured 
communication data ; and 

(c) detecting when the number of user login failures exceeds a 
predetermined number. 

45. (Canceled) Tho computor program product of cla i m 4^, whoroin the 
commun i cat i on data is communicatod ovor a network ooloctod from tho -group 
cons i ot i ng of a globa l commun i cation network, a w i do aroa network, a l ocal area 
n e twork, and a wir el ess n e twork. 

46. (Canceled) Th o computor program product of cla i m A^, whoroin the 
communication data oompr i oos an application protoco l oo l octod from tho group 
oonoioting of hypertext tranofor protocols, o i mplo obj e ct accoss protocols, web 
distribut o d authoring and v e rsion i ng protocols, s i mpl e mail transf e r protocols, w i r e l e ss 
appl i cat i on protoco l s, filo transfer protoco l s, Intern e t m o ssago acc o ss protocols, post 
offico protocols, web s e rv i c e s protoco l s, s i mp le mail transfer protoco l s, structured 
hyportoxt transfer protocols, and wob ma i l protoco l s. 

47. (Canceled) Tho computor program product of claim AA, wherein th e 
communicat i on data can compr i so HTTP roqu e sts from tho c l ient and HTTP 
responses from th e sorvor applicat i on. 
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48. (Canceled) Tho computor program product of c l a i m AA, whoro i n the 
Gorver applioat i on io i mplomonted by a wob oorver. 

49. (Canceled) Tho computor program product of c l a i m AA, whoro i n tho client 
ic imp l om e ntod by a wob onablod dov i co i ncluding a un i que I ntornot protoco l ( I P) 
addr e ss. 

50. (Canceled) Tho computor program product of c l a i m AA, whor e in the 
communicat i on data comprioos on l y transmiss i on control protocol pack o ts. 

51. (Canceled) A method for mon i tor i ng user l ogin act i vity for a s e rv e r 
applicat i on, tho method compris i ng: 

^a) rocoiv i ng communicat i on data botwoon a server application and an first 

authont i catod user; 

(b) monitor i ng a login soss i on botwoon tho server app li cation and the first 

authent i cated usor during a tim e i nterva l ; and 
(e) detecting whether tho first authonticatod usor l ogs into tho sorver 

app l ication as a second authent i cated usor during tho timo interval. 

52. (Canceled) Tho method of c l a i m 51, whoroin tho pommunication data is 
communicat o d ovor a network oo l octod from tho group consisting of a global 
commun i cation network, a wide area network, a loca l area network, and a wireless 
network. 

53. (Canceled) Tho method of c l aim 51, whoro i n tho communicat i on data 
comprioos an applicat i on protocol oo l octod from tho group cons i st i ng of hyp e rtext 
transfer protoco l s, simple object access protocols, wob distributed authoring and 
vors i on i ng protoco l s, s i mple mai l transfer protocols, w i rel o ss app l ication protoco l s, f i le 
transfer protoco l s, Intornot message access protoco l s, post offico protoco l s, web 
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oorv i oos protocolG. s i mp i o ma il tranofor protocolo, structurod hyport e xt transfer 
protoco l s, and wob ma i l protocols. 

54. (Canceled) The method of cla i m 51, whoroin tho commun i cation data can 
compr i s e HTTP roquosts from the cliont and a rooponsos from tho sorvor application. 

55. (Canceled) Tho mothod of claim 51, whoro i n tho oorvor applicat i on i s 
i mplomentod by a wob corver. 

56. (Canceled) Th o m o thod of cla i m 51, whoroin the cliont i s i mplomont o d by 
a wob enab l ed dov i co i nc l uding a un i que I nternet protoco l (IP) addr e ss. 

57. (Canceled) Tho mothod of claim 51 . whoroin the communication data 
comprises only transm i ss i on control protocol packets. 

58. (Canceled) A system for monitoring usor l ogin activity for a server 
applicat i on, tho mothod comprising: 

(a) a network intorfaco oporablo to r e co i vo commun i cation data between a 

sorvor app li cation and an f i rst authonticatod usor; and 

^ a d o toctor oporablo to mon i tor a l ogin soooion botwoon tho server 

application and the first authont i catod usor dur i ng a timo interva l , and 
operabl e to detect whether the first authonticatod usor logs into the 
sorvor application as a second authonticatod user during tho time 
interva l . 

59. (Canceled) Tho system of c l aim 58, whoro i n tho communication data i s 
communicated over a network oo l octod from tho group cons i st i ng of a globa l 
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communication network, a wido aroa network, a loca l area notwork, and a wireless 
n e twork. 

60. (Canceled) The syotem of claim 58, whoroin tho communioation data 
comprioos an application protocol selected from the group conoisting of hypertext 
transfer protoco l o. simple object acoeoo protooo l o. wob distr i buted authoring and 
version i ng protoco l s, simple ma i l transfer protocols, wire l ess appl i cat i on protoco l s, file 
transfer protoco l s, I nternet message access protooo l o, post office protoco l s, web 
scrvic o s protocols, simpi o mai l transfer protocols, structured hypertext transfer 
protoco l s, and w e b mail protocolS r 

61 . (Canceled) The cyotem of c l aim 58, whoroin the communication data can 
compr i se HTTP requests from the cl i ent and HTTP responses from the server 
appl i cat i on. 

62. (Canceled) Tho syot o m of cla i m 58, whoroin tho server app li cat i on i s 
i mplemented by a web serv e r. 

63. (Canceled) The system of claim 58, whoroin tho c l ient is imp l emented by 
a wob enabled dev i ce inc l ud i ng a unique Intern e t protocol (IP) address. 

64. (Canceled) Tho system of c l aim 58, whoro i n tho commun i cat i on data 
comprises only transmission contro l protocol packets. 

65. (Canceled) A computer program — product compr i sing — comput e r 
executable instructions embod i ed i n a computer readab l e med i um for porform i ng 
stops comprising: 

^a) roooiving commun i cat i on data between a son/or appl i cat i on and a 

cli e nt; 
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(b) monitor i ng i i nrr '"j'" ^^■'■■mr hnh^opn tho oorver aPD l ication and 
tho cliont dur i ng a prodotorminod t i mo; and 

(c) d e te c ting whon th^ mimhgr nf nr.nr l ogin fai l ures oxooods a 
prodotorminod number. 

66. (Canceled) Tho computer program product of cla i m 65. whoroin the 
commun i cation data i s commun i cat e d ov o r a notwork oo l ect o d from tho group 
Gono i oting of a global communicat i on notwork, a wide area network, a local area 
notwork, and a wlroloso network. 

67. (Canceled) Tho computer program product of c l a i m 65, whoroin the 
communication data compriooo an applicat i on protoco l solectod from tho group 
cons i ot i ng of hyportoxt tranofor protocolc, oimp l o object accooo protocolc, web 
diotributod authoring and vors i oning protocolo, oimpio ma i l transfer protocols, wireless 
app l ication protocols, f i le tranofor protocolc, I nternet meosage accoso protoco l s, post 
offico protoco l s, web services protoco l o, simple mai l transfer protocols, structured 
hyportoxt transfer protoco l s, and wob mail protocols. 

68. (Canceled) Tho computer program product of claim 65, wher e in the 
communication data can comprise HTTP requests from tho cl i ent and HTTP 
respons e s from th e sorvor appl i cat i on. 

69. (Canceled) Tho computer program product of claim 65, whoroin the 
server application is imp le ment e d by a wob serv e r. 

70. (Canceled) The computer program product of c l aim 65, wher e in the cliont 
i s i mplemented by a web enab l ed device including a un i que Internet protoco l ( I P) 
addr e ss. 
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71. (Canceled) Tho oomputor program product of c l aim 65, whoro i n the 
commun i cation data compriooc only tranomiooion control protocol packots. 

72. (Currently Amended) A method for monitoring user logoff activity for a 
server application, the method comprising: 

(a) rocoiving capturing communication data of a login session 
communicated in a network connecting between a sen/er application and 
a client; 

(b) monitoring user logoff between the server application and the client 
based on the captured communication data : 

(c) monitoring automatic session expiration between the server application 
and the client based on the captured communication data : and 

(d) determining whether the client completes logoff before the session 
automatically expires. 

73. (Original) The method of claim 72, wherein the communication data is 
communicated over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a wireless 
network. 

74. (Currently Amended) The method of claim 72, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, oimplo mail tranofor protoco l s, wireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web sen/ices protocols, simple 'mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 
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75. (Original) The method of claim 72, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the server 
application. 

76. (Canceled) Tho method of claim 72, whoroin the oorvor applicat i on is 
i mplomontod by a web server. 

77. (Canceled) Th o method of c l aim 72, whoro i n the ol i ont is implemonted by 
a wob enabled dovico inc l uding a unique I ntornot protocol (IP) address. 

78. (Canceled) Tho method of claim 72, whoro i n tho communication data 
comprises on l y transmission control protocol packets. 

79. (Cun-ently Amended) A system for monitoring user logoff activity for a 
server application, the method comprising: 

(a) a network interface operable to roooiv e capture communication data of a 
login session communicated In a network connecting betwe e n a server 
application and a client; 

(b) a detector operable to monitor user logoff between the server application 
and the r.lif=in t based on the captured communication data , operable to 
monitor automatic session expiration between the server application and 
the nlien t based on the captured communication data , and operable to 
determine whether the client completes logoff before the session 
automatically expires. 

80. (Original) The system of claim 79, wherein the communication data is 
communicated over a network selected from the group consisting of a global 
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communication network, a wide area network, a local area network, and a wireless 
network. 

81. (Currently Amended) The system of claim 79, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, oimplo mail tranofor protocols, w ireless 
application protocols, file transfer protocols, Intemet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

82. (Original) The system of claim 79, wherein the communication data can 
comprise HTTP requests from the client and HTTP responses from the server 
application. 

83. (Canceled) Tho oyotom of claim 79, whoroin the oorvor appl i cat i on is 
implomontod by a wob oorver. 

84. (Canceled) The oyotom of claim 70, whoroin tho cliont io implemontod by 
a wob onablod dovico including a un i que I ntornot protoco l (IP) address. 

85. (Canceled) The oyot o m of claim 70, whoroin the communication data 
comprisoo only transmiooion control protocol pack e ts. 

86. (Currently Amended) A computer program product comprising computer- 
executable instructions embodied in a computer-readable medium for performing 
steps comprising: 
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(a) rocoiving capturing communication data of a login session 
communicated in a network connecting betw ee n a server application and 
a client; 

(b) monitoring user logoff between the server application and the client 
based on the captured communication data : 

(c) monitoring automatic session expiration between the server application 
and the client based on the captured communication data ; and 

(d) determining whether the client completes logoff before the session 
automatically expires. 

87. (Canceled) The computer program product of claim 86, whoro i n the 
communication data is commun i catod over a notwork s o loctod from the group 
oono i ot i ng of a global commun i cat i on network, a wido area network, a l oca l area 
notwork, and a wirolooo notwork. 

88. (Canceled) Tho computer program product of cla i m 86, whoroin the 
communication data compriGos an appl i cation protoco l oelocted from the group 
consisting of hypertext transfer protocolc. simple object accoGc protocols, web 
diotributed author i ng and versioning protocols, simpl e mai l transf e r protoco l s, wireless 
application protocolo, filo transfer protoco l s. Internet message access protoco l s, post 
offico protoco l s, wob sen/ices protocols, s i mple mai l transfer protocols, structured 
hypertext transfer protocols, and web mail protocols. 

89. (Canceled) The computer program product of c l aim 86, whoro i n the 
communicat i on data can compriso HTTP requests from tho c li ent and HTTP 
responses from th e server application. 



- 18- 



Serial No.: 10/785,584 

90. (Canceled) Tho oomputor program product of claim 86, whoroin the 
sorvor application i o I mplomontod by a wob corver. 

91 . (Canceled) Tho oomputor program product of cla i m 86, whoro i n tho c l ient 
i o imp l omontod by a wob onablod dov i co includ i ng a unique Intornot protocol ( I P) 
addr e ss. 

92. (Canceled) Tho computer program product of claim 86, whoroin the 
communicat i on data comprioos on l y tranom i ssion control protocol packets. 

93. (Currently Amended) A method for monitoring simultaneous logins for a 
server application, the method comprising: 

(a) caoturino communication data commu nicated in a network connectinfl a 
server application and at least one client, wherein the captured 
communication data is associated w ith first and second user login 
sessions for first and second user s, respectively, of the server 
application: 

£b} monitoring [[a]] the captured communication data as sociated with the first 

and second user login sessions for a first user of a sorver applicat i on; 

(b) monitoring a ocnonfl mt"'- '^j'" cnrr i nn fnr n nocond user of tho server 
appl i cation ; and 

(c) determining whether the second user login session occurs during the first 
user login session when the user of the first and second login session 
are identical. 
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94. (Original) The method of claim 93, comprising selectively generating an 
alert based upon whether the second user login session occurs during the first user 
login session when the user of the first and second login session are identical. 

95. (Original) The method of claim 93, wherein the first and second login 
sessions communicate over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a wireless 
network. 

96. (Currently Amended) The method of claim 93, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, s i mplo ma i l tranofor protocols, wireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

97. (Canceled) Tho mothod of claim 03, whoroin tho sorvor appl i cation i s 
imp l omentod by a wob oorvor. 

98. (Canceled) The mothod of claim 93, whoroin the client is implomontod by 
a wob enabled dovico including a uniquo I ntornot protocol ( I P) addr e ss. 

99. (Currently Amended) A system for monitoring simultaneous logins for a 
server application, the method comprising: 

(a) a network interface operable to capture communication data 
communicated in a network connecting a serve r aoplication and at least 
one client, wherein the captured communication data is associated with 
first and second user login sessions for the first and second users. 
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respectively, of the server application mon i tor communicat i on data 
bctwoon a oorvor appl i cation and a c l ient ; and 
(b) a detector operable to monitor [[a]] the captured communication data 
associated with the first and second user login sessions for a first us e r of 
tho corvcr applirat i rrn. ^p"''^'^'^ mnn i tnr n cocond uoor log i n coss i on 
for a oocond uoor of tho son/or application , and operable to detemnine 
whether the second user login session occurs during the first user login 
session when the user of the first and second login session are identical. 

100. (Original) The system of claim 99, wherein the detector is operable to 
selectively generating an alert based upon whether the second user login session 
occurs during the first user login session when the user of the first and second login 
session are identical. 

101. (Original) The system of claim 99, wherein the first and second login 
sessions communicate over a network selected from the group consisting of a global 
communication network, a wide area network, a local area network, and a wireless 
network. 

102. (Currently Amended) The system of claim 99, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, simple mail transfer protocols, wireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

103. (Canceled) Tho system of claim 00, whoro i n tho corvor applicat i on is 
i mplomentod by a wob server. 
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104. (Canceled) Tho oyot o m of c l aim 00, whoroin tho cl i ont ic implomontod by 
a wob onab l ed dovico including a un i quo Intomot protooo l ( I P) addrosg 

1 05. (Currently Amended) A computer program product comprising computer- 
executable instructions embodied in a computer-readable medium for performing 
steps comprising: 

(a) na pturino communication dat a rnmmunicated in a network connecting a 
sftrver apolicatinn and at le ast one client wherein the captured 
nommunication data is associ ated with first and second user loflin 
sessions for first and sec o nd users, respectively, of the server 
application: 

^b) monitoring [[a]] the captured communication data associated with the first 

and second user login sessions for a first uoor of a scrvor app l icat io n; 

^ mon i toring a oocond uoor log i n oossion for a oocond uoor of tho sorver 

application ; and 

(c) determining whether the second user login session occurs during the first 
user login session when the user of the first and second login session 
are identical. 



106. (Canceled) Tho computer program product of cla i m 105, compris i ng 
Golootivoly gonorating an a l ort basod upon whothor tho cocond user log i n c o'i r io n 
occuro during the firot user log i n oocsion whon tho usor of tho firot and second login 
ooss i on aro idont i cal. 

107. (Canceled) Tho oomputor program product of c l a i m 105, whoroin tho first 
an d cc c ond I p gin ^r-- ' ^'^'' nnmrnnnirnto ovor a notworU soloctod from tho group 
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oonoiDt i ng of o global communicat i on network, a wide aroa network, a l oca l area 
network, and a w i ro l ooo network. 

108. (Canceled) The computer program product of c l a i m 105, whoroin the 
communication data comprioeo an application protocol ooloctod from tho group 
oonoioting of hypertext tranofor protoco l s, oimp i o object aooooo protooolo, web 
distribut e d authoring and veroioning protocolo, oimp l e mai l transfer protoco l o, wire l ess 
app li cat i on protocols, file transfer protocols, Intomet message access protoco l s, post 
office protocols, wob sorv i ccs protoco l s, simp l e mai l transfer protoco l s, structured 
hypertext transfer protoco l s, and web ma i l protocols. 

109. (Canceled) The computer program product of cla i m 105, where i n the 
server applicat i on is implemented by a wob server. 

110. (Canceled) Th o computer program product of claim 105, wherein the 
c l ient is i mplemented by a web enabled device inc l uding a un i que internet protocol 
( I P) addr e ss. 

111. (Currently Amended) A method of monitoring logins for a server 
application, the method comprising: 

(a) designating a first login time for a client as a disallowed login time; 

(b) determining a second login time for the client in communication data with 
a server application based on communicatio n data captured from a 
network connecting the server application and the client: 

(c) determining whether the second login time matches the first login time; 
and 

(d) if the first and second login times match, indicating that the client in data 
communication with the server application is logging in at a disallowed 
login time. 
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112. (Original) The method of claim 111, if the login time for the client is 
disallowed, generating an alert. 

113. (Original) The method of claim 111, wherein the server application 
communicates data over a network selected from the group consisting of a global 
communication networic. a wide area network, a local area network, and a wireless 
network. 

114. (Currently Amended) The method of claim 111, wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, oimpio mail tranofor protoco l s, wireless 
application protocols, file transfer protocols, Intemet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 

1 1 5. (Original) The method of claim 111, wherein the data communicated with 
the server application can comprise HTTP requests from the client and HTTP 
responses from the server application. 

116. (Canceled) Tho method of c l a i m 111, wheroin tho corver applicat i on is 
implomontod by a wob corver. 

117. (Canceled) Tho method of claim 111, where i n tho c l iont i o implomonted 
by a wob enabled dovico i ncluding a unique Intornct protocol ( I P) address. 

1 1 8. (Canceled) Tho mothod of c l aim 111, whoroin tho data commun i cated 
w i th th o Gorvor applicat i on oomprioos only tranomisoion control protocol packets. 
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119. (Currently Amended) A system for monitoring logins for a server 

application, the method comprising: 

(a) a networi^ interface operable to monitor and capture communication data 
communicated between a server application and a client; and 

(b) a detector operable to designate a first login time for a client as a 
disallowed login time, operable to determine a second login time for the 
client in communication data with a server application based on the 
rnmm.inication d^t;, r.antured from the network, operable to determine 
whether the second login time matches the first login time, and operable 
to indicating that the client in data communication with the server 
application is logging in at a disallowed login time, if the first and second 
login times match. 

120. (Original) The system of claim 119. wherein the detector is operable to 
generate an alert if the login time for the client is disallowed. 

121. (Original) The system of claim 119, wherein the server application 
communicates data over a networi^ selected from the group consisting of a global 
communication network, a wide area network, a local area networi<. and a wireless 
network. 

122. (Currently Amended) The system of claim 119. wherein the 
communication data comprises an application protocol selected from the group 
consisting of hypertext transfer protocols, simple object access protocols, web 
distributed authoring and versioning protocols, oimplo mail trancf o r protocols, w ireless 
application protocols, file transfer protocols, Internet message access protocols, post 
office protocols, web services protocols, simple mail transfer protocols, structured 
hypertext transfer protocols, and web-mail protocols. 
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123. (Original) The system of claim 119, wherein the data communicated with 
the server application can comprise HTTP requests from the client and HTTP 
responses from the server application. 

124. (Canceled) Tho oyotom of c l a i m 110, whoro i n the ocrvcr appli rn t io n is 
i mplomontod by a wob oorver. 

125. (Canceled) The oyotom of c l a i m 110, whoroin tho cliont ic implomonted 
by a wob onablod dovico inc l uding a unique I ntornot protoco l (IP) addres s 

126. (Canceled) Tho oyotom of c l aim 110, wherein tho data communicated 
with tho Gon/or app l ication oompricoc only tranomiocion contro l protocol p nnkPt s 

1 27. (Currently Amended) A computer program product comprising computer- 
executable instructions embodied in a computer-readable medium for performing 
steps comprising: 

(a) designating a first login time for a client as a disallowed login time; 

(b) determining a second login time for the client in data communication with 
a server appiinatinn based on communicatio n data captured from a 
nPtwnrk connecting the server ap plication and the client; 

(c) determining whether the second login time matches the first login time; 
and 

(d) if the first and second login times match, indicating that the client in data 
communication with the server application is logging in at a disallowed 
login time. 

128. (Canceled) Tho computer program product of cla i m 127, if th e log i n t i me 
for tho cl i ont io dioa ll owcd, gonorating an a le rt. 
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129. (Canceled) Tho computer program product of c l aim 127. whoro i n the 
Gcrvcr applicat i on commimi rn t G G data ovor a notwork colootod from tho group 
conc i cting of a gl " ^"' ^^mm . minntinn network, a wide aroa network, a local area 
notwork, and a wirolooo notwork. 

130. (Canceled) Tho computer program product of c l aim 127, whoroin the 
communication data comprinno an app l icnti n n protocol colootod from tho gr o up 
conoiGting of hypcrtod tran r for protocolc, c i mpio object acccoG protoco l c. we h 
diGtributod authoring and vorci o n i ng protocolc. rimpic mail trancf o r protocolc. wirole^s 
applicat i on protocolo, fi l e trancfcr protocolc, Intcmct moccago nccooG protocolc, po s t 
of fi c e pr o tocols, wnh r^'^"-^- prntnrn i r nmplc mail trancfcr protoco l o. ctruct u re d 
hyportoxttranofor protocolo, and wob ma i l protoco l s. 

131. (Canceled) Tho computer program product of claim 127, whoroin the 
data communicated with tho oorvcr applicat i on can comprico I I TTP roquoctc fmm the 
client and HTTP rooponGOG from the Gon/er appl i cat i on. 

132. (Canceled) Tho computer program product of cla i m 127, whoroin the 
Gorvor application i s i mplomontod by a wob corver. 

133. (Canceled) Tho computer program product of claim 127. whoroin the 
cli ent \z i mpl c mcnt- d by nnnh i nH Hrvino inc l ud i ng a uniquo Internet protoco l 
(IP) address. 

134. (Canceled) The computer program product of cla i m 127, whoroin the 
data communicated with the oervor application compriGOO only transmisGion control 
protocol pack e ts. 
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135. (New) The method of claim 30 wherein capturing communication data 
includes copying the communication data communicated in the network connecting the 
server application and the client. 

1 36. (New) The method of claim 30 wherein the communication data contains 
a session identifier that identifies a session established between the server application 
and the client, and wherein monitoring user login failures includes identifying 
communication data containing the session identifier. 

137. (New) The system of claim 37 wherein the network interface is operable 
to copy the communication data being communicated in the network connecting the 
server application and the client. 

1 38. (New) The system of claim 37 wherein the communication data contains 
a session identifier that identifies a session established between the server application 
and the client, and wherein the detector is operable to identify communication data 
containing the session identifier. 

139. (New) The method of claim 72 wherein capturing communication data 
includes copying the communication data communicated in the network connecting the 
server application and the client. 

140. (New) The method of claim 72 wherein the communication data contains 
a session identifier that identifies a session established between the server application 
and the client, and wherein monitoring automatic session expiration includes 
identifying communication data containing the session Identifier. 

141. (New) The system of claim 79 wherein the network interface is operable 
to copy the communication data being communicated in the network connecting the 
server application and the client. 
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142. (New) The system of claim 79 wherein the communication data contains 
a session identifier that identifies a session established between the server application 
and the client, and wherein the detector is operable to identify communication data 
containing the session identifier. 

143. (New) The method of claim 93 wherein capturing communication data 
includes copying the communication data communicated in the network connecting the 
server application and the at least one client. 

1 44. (New) The method of claim 93 wherein the communication data contains 
two session identifiers that identify the two sessions established between the server 
application and one or two clients, and wherein monitoring the captured 
communication data includes identifying communication data containing the session 
identifiers. 

145. (New) The system of claim 99 wherein the network interface is operable 
to copy the communication data being communicated in the network connecting the 
server application and the at least client. 

146. (New) The system of claim 99 wherein the communication data contains 
two session identifiers that identify the two sessions established between the server 
application and one or two clients, and wherein monitoring the captured 
communication data includes identifying communication data containing the session 
identifiers. 

147. (New) The method of claim 111 wherein determining a second login 
time is based on communication data copied from the network connecting the server 
application and the client. 
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148. (New) The method of claim 111 wherein the communication data 
contains a session identifier that identifies a session established between the server 
application and the client, and wherein determining a second login time includes 
identifying communication data containing the session identifier. 

149. (New) The system of claim 119 wherein the network interface is 
operable to copy the communication data being communicated in the network 
connecting the server application and the client. 

150. (New) The system of claim 119 wherein the communication data 
contains a session identifier that identifies a session established between the server 
application and the client, and wherein the detector is operable to identify 
communication data containing the session identifier. 
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